Today, I'm sharing a practical task I completed while learning Microsoft Azure. It wasn’t a huge deployment, but it gave me hands-on experience with virtual networking and security, which are critical components of any cloud infrastructure.

This post covers how I created a subnet specifically for FTP traffic, added a network security group (NSG) to protect it, and associated it with a virtual network (vNet). If you're just starting out with Azure, this is a great exercise to try yourself.

Scenario
I was assisting an Azure administrator who needed to:

Move an underutilized Linux VM to a new subnet

Set it up as a secure FTP server

Ensure the network flow and resource usage could be monitored and controlled

To help, I needed to:

Create a new subnet within an existing vNet

Create an NSG with specific rules

Attach the NSG to the new subnet

Step 1: Create a New Subnet

Here’s how I created a new subnet in an existing virtual network:

Logged into the Azure Portal

Searched for "Virtual networks"

Selected the guided-project-vnet

Navigated to Subnets under Settings

Clicked + Subnet

Entered the name ftpSubnet

Left all other settings as default

Clicked Add

At this point, the subnet was ready to be used for the FTP server.

Step 2: Create a Network Security Group (NSG)

Next, I created a Network Security Group to secure the subnet:

From the Azure home page, searched for "Network security groups"

Clicked + Create

Verified the subscription and selected the guided-project-rg resource group

Entered ftpNSG as the name

Selected Review + create, then clicked Create

Waited for deployment and selected Go to resource

This NSG would help control which traffic is allowed into the subnet.

Step 3: Add an Inbound Security Rule

To allow FTP access securely (using SFTP on port 22), I added an inbound rule:

In the NSG blade, clicked Inbound security rules

Selected + Add

Set the following:

Destination port ranges: 22

Protocol: TCP

Name: ftpInbound

Clicked Add

This rule ensures only secure SFTP traffic is permitted into the subnet.

Step 4: Associate the NSG with the Subnet

Finally, I connected the NSG to the subnet:

Returned to the guided-project-vnet

Opened the Subnets section

Selected the ftpSubnet

Under Network security group, selected ftpNSG

Clicked Save

With this done, the subnet is now protected and ready to host an FTP server.

Final Thoughts

This task might seem small on the surface, but it touches on key concepts in Azure networking and security. I learned how to:

Navigate Azure's networking resources

Create and configure subnets

Define and apply NSGs

Secure communication ports like port 22 for SFTP

If you're exploring Azure or cloud infrastructure in general, I recommend taking on practical tasks like this. They’re great for building confidence and solidifying your understanding.

Have you done something similar? Let me know in the comments or feel free to share your own approach. I’d love to learn from others in the community.

Thanks for reading.

Resources
Azure Virtual Network documentation

Network Security Groups overview

azure #cloudcomputing #devops #networking